REMARKS 

[0003] Applicant respectfully requests reconsideration and allowance of all of the 
claims of the application. Claims 5, 6, 8, 19-20, and 24-35, and 37-41 are presently 
pending. Claims 25, 30, 34, 37-39 are amended herein. Claim 36 is cancelled herein 
without prejudice or disclaimer. 

Statement of Substance of Phone Interview 

[0004] The Examiner graciously talked with me — the undersigned representative 
for the Applicant — on May 23, 2008, Applicant greatly appreciates the Examiner's 
willingness to talk. Such willingness is invaluable to both of us in our common goal of 
an expedited prosecution of this patent application. 

[0005] During the interview, 1 discussed how the claims differed from the cited 
references. Without conceding the propriety of the rejections and in the interest of 
expediting prosecution, I also proposed several possible clarifying amendments. The 
Examiner tentatively indicated that further clarification would be helpful to specify the 
scope of the claims. 

[0006] Applicant herein amends the claims in the manner discussed during the 
interview. Accordingly, Applicant submits that the pending claims are allowable over the 
cited references of record for at least the reasons discussed during the interview. 

Formal Request for an Interview 

[0007] If the Examiner's reply to this communication is anything other than 
allowance of all pending claims, then 1 formally request an interview with the Examiner. 
1 encourage the Examiner to call me— the undersigned representative for the Applicant — 
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so that we can talk about this matter so as to resolve any outstanding issues quickly and 
efficiently over the phone. 

[0008] Please contact me to schedule a date and time for a telephone interview that 
is most convenient for both of us. While email works great for me, I welcome your call 
as well. My contact information may be found on the last page of this response. 

Claim Amendments 

[0009] Without conceding the propriety of the rejections herein and in the interest of 
expediting prosecution, Applicant amends claims 25, 30, 34, 37-39 herein. Claim 36 is 
cancelled without disclaimer or prejudice. These claim amendments are fully supported 
in the Application. Accordingly, entry to the file is respectfully requested. 

[0010] Applicant amends the claim to clarify claimed features. Such amendments 
are made to expedite prosecution and more quickly identify allowable subject matter. 
Such amendments are merely intended to clarify the claimed features, and should not be 
construed as further limiting the claimed invention in response to the cited references. 



Substantive Matters 

Claim Rejections under § 102 

[0011] Claims 25, 30, and 34 stand rejected under 35 U.S.C. § 102(e) for being 
anticipated by U.S. Patent Application Publication No. 2002/0019945 to Houston et al. 
("Houston"). In light of the amendments presented herein, Applicant submits that these 
rejections are moot. Accordingly, Applicant asks the Examiner to withdraw these 
rejections. 
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[0012] Independent claim 25, as amended, recites (with Emphasis added): 
25. A method . . ., comprising: 



receiving all event data generated and represented in a common 
event data format by a plurality of event providers . . .; 

determining...; and 

sending the event data to the plurality of event consumers for direct 
handling by the plurality of event consumers without altering the 
common event data format in which the event data is represented; 

wherein: 

an extensible common information model (CIM) is utilized to 
encapsulate managed objects, the managed objects comprising each of 
the plurality of event providers and each of the plurality of event 
consumers in the WMI environment; 

the CIM is defined by a Managed Object Format (MOF) language 
and the CIM is implemented by one or more WMI classes; and 

the common event data f ormat is implemented by the one or more 
WMI classes to encapsulate all event data from the managed objects. 

[0013] Applicant respectfully submits that the amended features "receiving all 
event data generated and represented in a common event data format", "sending the event 
data to the plurality of event consumers for direct handling by the plurality of event 
consumers without altering the common event data format in which the event data is 
represented" and "wherein the common event data format is implemented by the one or 
more WMI classes to encapsulate all event data..." are completely absent in Houston. 
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[0014] Houston describes a computer-implemented system for managing security 
event data collected from a computing network. The system employs an event managing 
software module that can reside on a computing network. The managing software 
module collects security event data from security devices located in the computing 
network and can process the security event data. In processing the security event data, 
the event manager module can format the data and create manageable summaries of the 
data. The event manager also supports storage of the security event data and the results 
of any processing performed on the data. 

[0015] With respect to the data format, Houston teaches a data collection method 
illustrated in Fig. 8 starting with step 805 (a sensor within a security system located on 
the network generates a security event). The data generated from this security event is 
sent to the collector 225. Because the collector 225 is gathering data from a variety of 
different security systems located throughout the network, the collector 225 preferably 
converts the varied data to a uniform format at the collector 225. In step 815, the 
collector 225 converts all the gathered event data to a common format, and then stores the 
data in a database 220 for future use or analysis. (Houston, paragraph [0050]). 

[0016] By Houston's teaching of the collector 225 receiving data from a variety of 
different security system and converting varied data to a uniform format at the collector 
225, Applicant submits that Houston does not teach "receiving event data represented in a 
common event data format." because if the data from the variety of different security 
systems are generated in a common event data format, Step 8 1 5 (converting event data to 
common format) would be redundant and unnecessary. Consequently, since the collector 
225 re- formats the received event data into a common format, Houston does not teach 
"sending the event data to the plurality of event consumers for direct handling by the 
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plurality of event consumers without altering the common event data format in 
which the event data is represented ". (Emphasis added). On the contrary. Houston's 
teaching directly conflicts with this feature in the amended claim 25. 

[0017] Furthermore, it is recited in the amended claim 25 that i4 [t]he common 
event data format is implemented by the one or more WMI classes to encapsulate all 
event data from the managed objects." This feature is completely absent in Houston. 

[0018] Applicant submits that Houston does not teach providing a centralized 
collection and event data handling mechanism in a Window Management Instrumentation 
(WMI) environment, nor does Houston explicitly disclose the above features to be 
implemented in WML 

Web-Based Enterprise Management (WBEM) provides uniform access to 
management information throughout an enterprise. WBEM is an industry 
initiative to develop technology for accessing management information in 
an enterprise environment. This management information includes, for 
example, information on the state of system memory, inventories of 
currently installed client applications, and other information related to the 
status of the system. A particular embodiment of the event-handling 
system is implemented using Windows Management Instrumentation 
(WMI) developed by Microsoft Corporation of Redmond, Washington, 
which provides an infrastructure to handle various events generated by 
event sources throughout an enterprise. WMI is Microsoft Corporation's 
implementation of WBEM. 

(Specification at p.4 line 23-p.5 line 9 with Emphasis). 
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[0019] Similarly, the WMI classes recited in amended claim 25 are proprietary 
Application Programming Interfaces provided by Microsoft Corporation to implement 
WMI. Applicant points to the paragraph beginning on page 5 line 20 of the Specification, 
in which a clear description of "WMI class" is provided and reproduced as follows (with 
Emphasis added): 

WMI classes define the basic units of management. Each WMI class is a 
template for a type of managed object. For example, Win32_DiskDrive is a 
model representing a physical disk drive. For each physical disk drive that 
exists, there is an instance of the Wiii32_DiskDrive class. WMI classes 
may contain properties, which describe the data of the class and methods, 
which describe the behavior of the class. 

WMI classes describe managed objects that are independent of a particular 
implementation or technology. WMI includes an eventing subsystem that 
follows the publish-subscribe model, in which an event consumer 
subscribes for a selection of events (generated by one or more event 
providers) and performs an action as a result of receiving the event. WMI 
also provides a centralized mechanism for collecting and storing event data. 
This stored event data is accessible by other systems via WMI tools and/or 
application programming interfaces (APIs). 

[0020] Accordingly, in view of the amended claim 25, Applicant respectfully 
submits that Houston does not explicitly teach the security system to be implemented 
using proprietary WMI tools and/or interfaces. 

[0021] Furthermore, amended feature "an extensible common information model 
(CIM) defined by Managed Object Format (MOF) language and implemented by one or 
more WMI classes is utilized to encapsulate all managed objects in the WMI environment 
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comprising each of the plurality of event providers and each of the plurality of event 
consumers'* is also absent in Houston. Since the feature is implemented by WMI classes 
in WMI environment, Applicant submits that the feature is not disclosed in Houston for at 
least the reasons presented above. 

[0022] Therefore, amended claim 25 is respectfully asserted patentably distinct 
from Houston. Independent claims 30 and 34 are amended to recite similar features and 
therefore are also asserted patentably distinct from Houston. 

[0023] In addition to the reasons above., independent claim 34 further recites 
(Emphasis added): 

determining a meta-policy from a plurality of WMI policies as to 
which one or more event consumers handle the received event data, the 
determining comprising: 

associating each of the plurality of WMI policies with at 
least one of the one or more event consumers, wherein each of the 
plurality of WMI policies includes information known to the one of 
the one or more event consumers; and 

creating a meta-policy to control applying the plurality of 
WMI policies to the one of the one or more event consumers, 
wherein the meta-policy is configured to control the applying by 
preventing the applying while checking the plurality of WMI 
policies for conflicts; and 

[0024] Applicant respectfully submits that the policy determination as recited in 
amended claim 34 is absent in Houston. 
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[0025] After the collector 225 collects a variety of event data from different 
security systems. Houston teaches the event manager 140 ''automatically analyzing the 
event data, and providing the results of any analysis to the users of the event manager 
140/' (Houston at paragraph [0042], line 4). Houston goes on and further discloses that 
'*[t]he result module 235 provides client 115 with results from the analyzer module 265, 
The client 115 can also get additional data concerning a security event from the database 
server 145 through the event details module 250../' Id. 

[0026] Nevertheless, detailed steps concerning the policy determination 
emphasized in claim 34 are completely absent in Houston. In fact, Houston is silent in 
generating a meta-policy based on a plurality of WMI policies. 

[0027] Therefore, in addition to the reasons given above with respect to claims 25 
and 30, independent claim 34 is further asserted patentably distinct from Houston for the 
reason elaborated above. 

Claim Rejections under § 103 

[0028] Claims 5-6, 8, 19-20, 24, 26-29, 31-33, and 35-41 stand rejected under 35 
U.S.C. § 103(a) as being unpatentable over Houston in view of U.S. Patent No. 5,889,953 
to Thebaut et al. ("Thebauf '). 

[0029] Thebaut describes determining an enforceable policy applicable to one or 
more network devices. The method includes attaching one or more rule elements to one 
or more domain elements to create policies, the domain elements representing network 
devices and groups of network devices, and the rule elements defining actions, a method 
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for determining whether a conflict exists between the policies, and a method for resolving 
the conflicts to produce one or more enforceable policies. 

[0030] In view of independent claims upon which the above claims depend, 
Applicant respectfully submits that Thebaut fails to cure the deficiency of Houston with 
respect to "[Receiving all event data generated and represented in a common event data 
format", "sending the event data to the plurality of event consumers for direct handling 
by the plurality of event consumers without altering the common event data format in 
which the event data is represented" and "the common event data format is implemented 
by the one or more WM1 classes to encapsulate all event data" as well as "[a]n extensible 
common information model (CIM) [being] defined by Managed Object Format (MOF) 
language and [being] implemented by one or more WMI classes [to] encapsulate 
managed objects in the WMI environment ..." 

[0031] Applicant further submits that since neither of the cited references, either 
alone or in combination, teaches or suggests at least the above features, these features 
would not have been obvious to a person with ordinary skills in the art when the instant 
invention was conceived. 

[0032] Therefore, Applicant respectfully submits that these rejections to above 
dependent claims are at least rendered moot in light of the claim amendments to 
independent claims 25, 30, and 34. Accordingly, these claims are asserted patentable 
over Houston in view of Thebaut. 
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Dependent Claims 



[0033] In addition to its own merits, each dependent claim is allowable for the 
same reasons that its base claim is allowable. Applicant requests that the Examiner 
withdraw the rejection of each dependent claim where its base claim is allowable. 

Conclusion 

[0034] All pending claims are in condition for allowance. Applicant respectfully 
requests reconsideration and prompt issuance of the application. If any issues remain that 
prevent issuance of this application, the Examiner is urged to contact me before 
issuing a subsequent Action . Please call/email me at your convenience. 



Respectfully Submitted. 



Lee & Hayes, PLLC 
Representatives for Applicant 
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